#!/bin/sh /etc/rc.common

START=60

config_cb() {
	config_get TYPE "$CONFIG_SECTION" TYPE
	case "$TYPE" in
		webifopenvpn)
			append openvpnconfigs "$CONFIG_SECTION" "$N"
		;;
	esac
}

report_log() {
	[ "$#" -gt 0 ] && logger -s -t "webifopenvpn" "$@"
}

append_bool() {
	local section="ovpn"
	local option="$1"
	local value="$2"
	local _loctmp
	config_get_bool _loctmp "$section" "$option"
	[ "$_loctmp" -gt 0 ] && append args "$2"
}

append_parm() {
	local section="ovpn"
	local option="$1"
	local switch="$2"
	local default="$3"
	local _loctmp
	config_get _loctmp "$section" "$option"
	[ -z "$_loctmp" ] && _loctmp="$default"
	[ -n "$_loctmp" ] && append args "$switch $_loctmp"
}

file_check() {
	while [ -n "$1" ]; do
		if [ ! -f "$1" ]; then
			report_log "Missing $1. Please generate and try again."
			auth_incomplete=1
		fi
		shift
	done
}

start() {
	config_load webifopenvpn
	openvpnconfigs=$(echo "$openvpnconfigs" |uniq)

	for config in $openvpnconfigs; do
		config_get CONFIG_ovpn_mode $config "mode"
		config_get CONFIG_ovpn_enabled $config "enabled"
		config_get CONFIG_ovpn_port $config "port"
		config_get CONFIG_ovpn_auth $config "auth"
		config_get CONFIG_ovpn_proto $config "proto"
		config_get CONFIG_ovpn_complzo $config "complzo"
		config_get CONFIG_ovpn_ping $config "ping"
		config_get CONFIG_ovpn_pingrestart $config "pingrestart"
		config_get CONFIG_ovpn_persisttun $config "persisttun"
		config_get CONFIG_ovpn_persistkey $config "persistkey"
		config_get CONFIG_ovpn_ipaddr $config "ipaddr"
		config_get CONFIG_ovpn_client_to_client $config "client_to_client"
		config_get CONFIG_ovpn_cmdline $config "cmdline"
		config_get CONFIG_ovpn_local $config "local"
		config_get CONFIG_ovpn_remote  $config "remote"
		config_get CONFIG_ovpn_pull  $config "pull"
		config_get dir_name $config "dir"

		auth_incomplete=0
		args=""

		case "$CONFIG_ovpn_auth" in
			cert)
				file_check "$dir_name/certificate.p12"
				append args "--pkcs12 $dir_name/certificate.p12"
			;;
			psk)
				file_check "$dir_name/shared.key"
				append args "--secret $dir_name/shared.key"
			;;
			pem)
				file_check "$dir_name/ca.crt" "$dir_name/client.crt" "$dir_name/client.key"
				append args "--ca $dir_name/ca.crt --cert $dir_name/client.crt --key $dir_name/client.key"
				if [ "$CONFIG_ovpn_mode" = "server" ]; then
					append args "--dh $dir_name/dh.pem"
				fi
			;;
			*)
				report_log "unknown authentication type, aborting!"
				auth_incomplete=1
			;;
		esac
		[ "$auth_incomplete" != 0 ] && exit


		append_parm "proto" "--proto" "udp"
		append_parm "port" "--port" "1194"

		append_parm "dev" "--dev" "tun"
		append_parm "user" "--user" "nobody"
		append_parm "group" "--group" "nogroup"
		append_parm "status" "--status" "/tmp/openvpn-status.log"
		append_parm "verb" "--verb" "1"

		append_bool "complzo" "--comp-lzo"
		append_bool "persisttun" "--persist-tun"
		append_bool "persistkey" "--persist-key"
		append_bool "client_to_client" "--client-to-client"

		append_parm "ping" "--ping"
		append_parm "ping_restart" "--ping-restart"
		pid=$(mktemp /var/run/webifopenvpn.pid.XXXXXX)
		append_parm "write_pid" "--writepid" "$pid"
		append_parm "cmdline" ""
		if [ -n "$CONFIG_ovpn_local" -a -n "$CONFIG_ovpn_remote" ]; then
			append args "--ifconfig $CONFIG_ovpn_local $CONFIG_ovpn_remote"
		fi

		case "$CONFIG_ovpn_mode" in
			client)
				if [ -z "$CONFIG_ovpn_ipaddr" ]; then
					report_log "remote server not configured!"
					exit
				fi
				append_bool "pull" "--pull"
				if [ "$CONFIG_ovpn_auth" = "pem" ]; then
					append args "--tls-client"
				fi
				append args "--remote $CONFIG_ovpn_ipaddr --nobind"
			;;
			server)
				if [ -z "$CONFIG_ovpn_local" ]; then
					report_log "local VPN endpoint not configured!"
					exit
				fi
				if [ -z "$CONFIG_ovpn_remote" ]; then
					report_log "remote VPN endpoint not configured!"
					exit
				fi
				if [ "$CONFIG_ovpn_auth" = "pem" ]; then
					append args "--tls-server"
				fi
			;;
			*)
				report_log "unknown mode, aborting!"
				exit 0
			;;
		esac
		openvpn --daemon $args
	done
}

stop() {
	for i in $(ls /var/run/webifopenvpn.pid*); do
		webifopenvpn_pid=$(cat "$i" 2>/dev/null)
		[ -n "$webifopenvpn_pid" ] && [ -d /proc/$webifopenvpn_pid ] && kill -TERM $webifopenvpn_pid 2>/dev/null
	done
}

restart() {
	stop
	sleep 3
	start
}

reload() {
	restart
}
